Re: Routing Issue between the same ip subnets

Are the DMZ and firewall MPLS interface networks identical in terms of subnet and mask?

This sounds like your MPLS provider has provided you with a subnet and you want to insert a firewall between that subnet and the resources on the DMZ, correct?

The logical options are:

1: Work with your MPLS vendor to assign a /30 network solely for the link between your ASA and their CE router. Have them route the 172.x network to you. Renumber your firewall interface towards the MPLS cloud with their assigned interface out of the /30.

2: Renumber your DMZ resources to something not in conflict with the MPLS subnet and use NAT.

Other, generally ugly possibilities include bridging and some awful NAT hacks that aren't likely to scale.

An enterprise-wide IP assignment policy can help to avoid this in the first place but you often get into a jam with mergers with other companies having overlapping RFC1918 space.

Question
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
view more

Symptoms
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
view more

I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...
view more